Slashdot videos: Now with more Slashdot!

View

Discuss

Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

They are not quite there yet: the card is the length and width of an ordinary credit card, but it is still about three times as thick. Alan Sege, Beepcard's CEO, says the company now plans to use smaller chips to slim it down to normal thickness

Isn't one of the goals of credit cards convenience? I mean, I could put all of my money in a pot, bury it where someone will never find it and pull from it when I needed and it would be pretty secure, but it's just too much work. This might be a good idea for the tin foil hat crew but I've got a feeling most of us will be sticking with our small, compact, easy to slide into wallet cards.

If you read the earlier article on BeepCard, the card produces a unique squawk each time, like a SecurID card.

I'm a bit hazy on how these unique sequences work. Off the top of my head, I think the card has a local high-precision timer in it, and it uses the timer value as an input value to a cryptographic function. If the timer is accurate WRT the server timer, then the encrypted values can be compared. But the factor of the time-input prevents a replay attack.

Isn't one of the goals of credit cards convenience? I mean, I could put all of my money in a pot, bury it where someone will never find it and pull from it when I needed and it would be pretty secure, but it's just too much work.

Exactly. In fact if the credit card companies were serious about security all cards would have had a photo on them a decade ago or longer when CitiCorp and a couple others started using the tech. That way even the proverbial high school drop out would have little trouble spotting a stolen card (more high tech theft like imprinting the number on a card with the thiefs pic would still work but it would significantly raise the bar) that combined with one time use online numbers ala Amex Blue would get rid of p

I understand the cash statement, but many people I know don't carry as much cash on hand as they used too. Especially if you get sick spur-of-the-moment and don't want to have to travel to the ATM just to get some Nyquil in the middle of the night.

Though you can lose your legs, or perhaps even your tongue in some freak accident. It's all statistical anyway. Hey, wait... are you invalid?

When Gattaca was first released, as part of a marketing campaign there were adverts for people to call up and have their children genetically engineered. Thousands of people called, wanting to have their offspring genetically engineered.

Vincent: They used to say that a child conceived in love has a greater chance of happiness. They don't say that anymore.

The benefit of biometrics should be that people don't have to remember more password. The fact that people can't (or don't want to) remember passwords is a good reason to be working on technologies where you can be identified by your voice or fingerprint rather than a string of characters.

I know. I was saying more generally that advances in this area are useful as they move us towards a future where biometrics get good enough that people don't need passwords.

Also, I would imagine that the point of password for a system like this is mainly just to make it easier on the system identifying your voice, since it will only have to be able to identify your voice for one given phrase. This means that password in a system like this don't have to be nearly so cryptic and hard to remember as tradition

From the article They are not quite there yet: the card is the length and width of an ordinary credit card, but it is still about three times as thick. Alan Sege, Beepcard's CEO, says the company now plans to use smaller chips to slim it down to normal thickness.

The smaller chips are a relief, just reading the article one of my butt cheeks was falling asleep:P

You may well laugh but it surely won't be long before all chairs, tables and park benches will be able to interogate your cash/credit/"smart" cards.

Personally I don't wan't have to wear metal pants to protect my tackle, just because some nosey _______ wants to check how many credits I have left, or whether my ID card has been remotely tagged "watch this citizen - he eats curried snickers bars so he must be a threat".

Next time you sit in the park drinking your beer, ask yourself why it is that those squirr

...you're *really* good at impersonations? For instance, you could then steal Sean Connery's card, say "Moneypenny" into it with his voice, and get a "authorization squawk" that goes something like, "Oh James."

The point is, that in order to use the card, you have to have it in your hand. You can't steal my credit card simply by writing down the magic numbers (just like RSA's SecurID).

What does adding voice input from the card's owner do? Not a whole lot, except that now, instead of only needing to physically have the card in your hand, you also have to physically sound like the owner (or have a good recording of the owner speaking his password).

I read a story on this last week (probably on CNN -- it's the only news site my job lets through the firewall). It mentioned web use and over-the-phone use. For both situations, the cardholder will say the password into the card, and the squawk will be "heard" on the other end.

It seems logical enough until someone starts tapping phone lines to try to gain access to the information, or perhaps a fraudulent business or employee records bot

Ah but imagine the possibilities when the AI wont hand over your money to a robber! Although at some points its going to have to make the decision between "give me your money or i shoot your users brains out" - the ultimate turing test!

Domain Dynamics is raising the level of security of smart cards by adding voice authenticators that prevent the card from being used by anyone except the approved cardholder.

Smart cards are similar to credit cards and serve the same purpose, but they have a completely different data storage system. Instead of using a magnetic strip to store the user's information, smart cards feature an embedded 8-bit microprocessor with up to 16 kilobytes of programmable-only memory. Smart cards have only recently began to gain popularity in the United States, despite their widespread use in Europe for years.

Domain Dynamics' new TESPAR voice authenticator stores three samples of the user's voice on a template within the Java-based smart card. When users want to make a transaction, they simply enter the card into a terminal at a store and give a speech sample. The card then matches the spoken voice to the recorded voice samples, a process that takes a fraction of the second. The company said that TESPAR is able to handle day-to-day variations in the user's voice and can ignore background noise.

Read the article but still not sure how it would stop a man-in-the-middle? True it would require that you disrupted communication but thats feasable - eg if someone is using their card on their cell-phone, kick in a cell-phone jammer as soon as the person speaks into the card, the card still plays the sound for you to record it but it doesnt get through the call? it could also work the same way on a comprimised computer or malicious web-site (think IE browser bug that allows your active-x to hi-jack someone elses)?

People have to remember that the transaction isnt secure until its been made.

This seems to be one of those technologies that either flop or revolutionize the way business is done.

It's a nice concept, but what happens when someone "loses their voice", so to speak? Can't buy anything until with it until their voice returns? How well does it interact with accents, background noise, etc?

I don't know how feasible this is but I'd imagine a thumbprint-sensitive card would be much more easier to deal with.

It seems to prevent stolen cards from being used but this kind of scheme may always be cracked or removed, like the french Yes Card [smartcard.co.uk] where all the passwords were accepted, whatever was typed at the counter.And if you're not into technical stuff, you can stick to the good ol' gun on the head: if you don't speak, i pull the trigger...

In the end, it will be just another way to increase the price of the wonderful services provided by the banks:-S

Why do I like this? It's a physical authentication system that doesn't require any special reader hardware

I don't see why a microphone is any less special than a USB port or an IR port. If anything, just about any computer these days has a USB port.

And using IR for authentication, many modern phones and almost all modern PDAs will do; all you need to do is plug an IR dongle costing a few dollars (in quantity) into the USB port. And IR can be made interference proof much more easily than sound.

...seem fairly obvious. First, if one of these devices is at a public terminal, it wouldn't be hard at all to get a.wav record of the transaction; then, I have your password FOR LIFE!

Second, if someone's voice is drastically altered, (s)he would have to find a way to prove identity outside of the voice recognition system.

Third, any technology that might let me verify someone's voiceprint could also be used to generate a false voiceprint. A simple tape recording of you talking could be enough to forge your voice electronically. (Hmmm... cool plot possibilities for a Tom Clancey thriller)

Fourth, my (hypothetical) twin, who probably has an almost-identical voiceprint, is not necessarily to be trusted.

If the same password were asked for all the time then there is a higher risk of compromise. The way authentication works is that you are asked to say a word/phrase and you have to say what is in the grammar that the interpreter is expecting to hear and the voice print must match. Number sequences are easier to get a match for, grammar wise. But, they also make it easier to spoof, since you could dial in a number sequence in your Palm Pilot with 0.wav.. 9.wav and play it. Also, the sampling rate when recor

Not to mention, you can't lend your card to anyone anymore (my mother sometimes lent me her card to go buy something, she just gave me the secret code).Although of course here in the US you almost always have to sign...

I'll just take my chances with credit card fraud. With the current zero-liability policies of most issuers, or the $50/card legal limit, I can afford it.

Merchants can afford to take their chances, too. According to that well-known radical organ, The Wall Street Journal, credit card fraud amounts to $0.06/$100 of overall charges. Oh, the humanity! You can see why merchants spend so very much time whinging about a massive 0.06% loss rate.

Ok..... Lemme get this straight, you say something into this device and if it is successfull it gives you a 'skwak'.... almost like back in the 'good ol days' when all this hacking started ie 2600Hz tone started all this Only diffrence is we dont have to worry about comming up with new fangled ways of immitating the squak with resistors and speakers. Mc Fly.... Hello Mc Fly !!

My company is making a new creditcard system too. Our card will feature the CinderBlock (TM) theft prevention system. Essentially using the latest technolodgies we have embedded a magstip on a 16'x6'x8' piece of concrete. Its weight alone makes a quick snatch from an unsuspecting individual that much more unlikely. And in the event of a successful theft it features ValueBlast brand thermite and a OnStar(TM) accessible detonator. One push of a button and some poor theif just lost his arm, but your credit is secure.

1. If you have to "say your password" at each atm to use your card, isn't that less save? Now they have to put up a cam and find a way to copy your card. (pin / card). A cam seems harder to install then a audio recording device.(the article states there is a high accuracy recording of the voice needed, which is possible so to be considered)

2. If I'm drunk and I want to get money, my voice will sound somewhat different. (same with different moods which alter the voice somewhat) will I be able to use my CC

1. If you have to "say your password" at each atm to use your card, isn't that less save? Now they have to put up a cam and find a way to copy your card. (pin / card). A cam seems harder to install then a audio recording device.(the article states there is a high accuracy recording of the voice needed, which is possible so to be considered)
Don't we already have problems with rogue ATMs that log all your information for misuse? Imagine now recording everyone's voiceprint and their secret password. Someho

Simple voice-recognition systems are already used in cellphones to provide voice dialling. The challenge for Beepcard has been to develop voice-recognition and audio circuitry that can be powered by a diminutive battery embedded in a credit card.

No, the challenge for Beepcard has been and apparently continues to be knowing the difference between voice recognition and voice identification. Yes, the phones have to learn to recognize your voice but that's not because your voice is a beautiful and unique sno

Also, even if we did have a set of features that could at least severely limit who could use your card without a great deal of practice, what on earth makes them think that it will be possible to do that kind of detailed spectrographic analysis on a voice sample taken in a noisy environment?

These people either believe that all credit card transactions take place in soundproof rooms or they haven't thought this through. The voice recognition/identification would have to be pretty forgiving to accept your

OK so it's Saturday night and I'm at the bar, the DJ is blasting the sounds, and it's my round. Now how exactly is my credit card gonna hear me say anthing over the ear-splitting bass? Not to mention how is the bartender gonna hear my credit card squawk?

OK so your average./'er doesn't know what a bar is. I can almost see the blank stares....